SendGrid Email Platform Compromised by Phishing, 2FA Needed

A data breach has been reported at the cloud-based email service SendGrid. The platform delivers more than 18 billion emails a month and is used mainly by businesses. A security breach was initially reported by the New York Times on April 9, when it became apparent that SendGrid accounts had been hijacked and used to spread phishing emails.

Later, SendGrid clarified that the attack was not to be treated as a platform breach but only as an isolated event.

Isolated or not, SendGrid has now confirmed that an employee email account was hijacked and used three times to access internal systems. The internal systems are said to have stored both company employees’ and customers’ usernames and email credentials. In response to the hack, SendGrid users are advised to change their passwords and enable two-factor authentication to further secure their accounts.

Luckily, payment information and bank account details have not been leaked.

Customers who use DomainKeys Identified Mail (DKIM) keys are advised to generate new keys and update their DNS records so that the change is documented. The number of such customers is estimated at 600. They will all receive emails with detailed instructions on how to complete the task.
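The following is an added example, not part of the original article or SendGrid's instructions: a Python check that a customer could run after rotating DKIM keys to confirm that no selector still publishes the old key. The selector names, the example.com domain and the key values are constructed placeholders, and the TXT records are supplied inline rather than fetched from DNS.

```python
import base64

def parse_dkim_record(txt):
    """Parse a DKIM key record (RFC 6376 'tag=value; ...' list) into a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" not in part:
            continue
        name, value = part.split("=", 1)
        # Long keys are often split across TXT strings; whitespace is not significant.
        tags[name.strip()] = "".join(value.split())
    return tags

def rotation_status(txt, old_key_b64, new_key_b64):
    """Classify one selector's TXT record against the old and new public keys."""
    if txt is None:
        return "MISSING"                      # selector no longer published
    tags = parse_dkim_record(txt)
    if tags.get("v", "DKIM1") != "DKIM1" or "p" not in tags:
        return "INVALID"
    if tags["p"] == "":
        return "REVOKED"                      # empty p= marks a revoked key
    try:
        published = base64.b64decode(tags["p"], validate=True)
    except ValueError:
        return "INVALID"
    if published == base64.b64decode(old_key_b64):
        return "STALE"                        # old key still accepted by receivers
    if published == base64.b64decode(new_key_b64):
        return "ROTATED"
    return "UNKNOWN_KEY"                      # a key nobody on the team recognises

def audit(records, old_key_b64, new_key_b64):
    return {name: rotation_status(txt, old_key_b64, new_key_b64)
            for name, txt in records.items()}

# Constructed stand-ins for real base64-encoded public keys.
OLD = base64.b64encode(b"constructed-old-public-key").decode()
NEW = base64.b64encode(b"constructed-new-public-key").decode()
# Constructed sample records, as a resolver would return them (None = no record).
RECORDS = {
    "s1._domainkey.example.com": f"v=DKIM1; k=rsa; p={OLD}",
    "s2._domainkey.example.com": f"v=DKIM1; k=rsa; p={NEW[:10]} {NEW[10:]}",
    "s3._domainkey.example.com": "v=DKIM1; p=",
    "s4._domainkey.example.com": None,
}

if __name__ == "__main__":
    for selector, status in audit(RECORDS, OLD, NEW).items():
        print(f"{selector}: {status}")
```

Any selector reported as STALE still lets mail signed with the old private key pass DKIM verification, so it should be replaced or revoked.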

David Campbell, SendGrid's Chief Strategy Officer, added that the company is currently taking a number of actions to improve the system’s security. The first and most crucial step is promptly informing all customers to change their passwords and add enhanced two-factor authentication.

2FA is described as an unambiguous identification that consists of the combination of two different components known only to the user. The components may be:

A physical object possessed by the user, such as a USB stick with a secret token, a bank card, or a key.

Secret information known to the user, such as a username, password, or a PIN.